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Abstract 

Inspired from a joint work by A. Beckmann, S. Buss and S. Friedman, 
we propose a class of set-theoretic functions, predicatively computable set 
functions. Each function in this class is polynomial time computable when 
we restrict to finite binary strings. Moreover we investigate Ei-definable 
functions in fragments of set theories for the functions in the class with 
or without the choice function. 



1 Introduction 

Bellantoni and Cook [3] introduced a class B of functions on finite binary strings. 
Arguments of each function / in the class B are divided to normal arguments 
X and safe arguments a, and denoted /(x/a]0 . Let e denote the empty string, 
and si the concatenated string obtained from the binary string s and i = 0, 1. 
The class B is generated from initial functions (projections, zero, binary suc- 
cessors Si{—/s) = siii = 0,1), the predecessor p{—/e) = e, p{—/si) = s, the 
conditional(parity test) C{—/a,b,c) = b if a ~ si, = c otherwise) by operating 
safe composition f{x/a) ~ h{r{x / ~) / t{x / a)) and predicative recursion on no- 
tation f(e,x/a) = g{x/a) and f{si,x/d) = hi{s,x/a, f{s,x/a)) for i = 0,1. It 
is shown in [3] that the polynomial time computable functions are exactly those 
functions in B having no safe arguments. 

It seems to me that the class B not only characterize the class of the poly- 
nomial time computable functions, but also is of foundational importance since 
each function in B is computable predicatively . By computability we mean that 
each object reaches to a canonical form by some computations. In a predica- 
tively justifiable computation we can not assume a computation to be a com- 
pleted process in advance since it involves infinite searches or at least the notion 
of finite computations (completed processes) in general. For example a substitu- 
tion of /(s,x/a) in a normal argument, f(si,x/a) = hi{s,x, f{s,x/a)/a) is hard 
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to justify predicatively since it assumes a hypothetical computation oi f{s,x/a) 
to be completed. On the other side, we see that a computation process of each 
function f[x/a) in B can be obtained by imitating the generating process of 
normal arguments x. In the computation process the safe arguments a act only 
as names. In other words we don't need to know the values (canonical forms) 
of a, but need the values of normal arguments x from which we know how the 
arguments are generated from e by rules s i-> si. In this sense the predicative 
recursion on notation is justifiable predicatively. This observation was implicit 
in our joint work [T] with G. Moser to design a path order POP for computations 
in B. 

We now ask how to define predicatively justifiable computations on setsl 
Contrary to binary strings, there seem no canonical forms of sets even for hered- 
itarily finite sets unless we assume, e.g., the axiom of constructibility. Let us 
approach modestly. First pick some functions on safe arguments to generate 
sets such as pairing and unions. Then applying safe composition and a safe 
set recursion f{x,y/a) — h{x,y/a,{f{z,y/a) : z £ a;}) to get a class of func- 
tions on sets. Each set is inductively generated, i.e., the epsilon relation z G cc 
is well founded. Safe set recursion is close to the idea of predicatively com- 
putable functions since we don't need to know the values of intermediate terms 
f{z,y/a) (z £ x) to continue the computations of f[x,y/a). Thus a class PCSF 
of predicatively computable set functions is obtained in section [3] The class 
PCSF is a subclass of the class SRSF of safe recursive set functions due to A. 
Beckmann, S. Buss and S. Friedman [3]. Their joint work motivates ours, and 
is reported in section [2] 

In section |4] it is shown that each polynomial time computable function on 
finite binary strings is in the class PCSF, cf. Lemma l4.ll In section [5] the 
size of PCSF function f{x/a) is seen to be bounded by a polynomial in the 
sizes of normal arguments x, and to depend linearly on the safe arguments a, cf. 
Theorem l5.2l From this we see readily that each PCSF function f{x/—) on finite 
binary strings is polynomial time computable, cf. CoroUarv 15.161 In the final 
sectional four fragments of set theory are introduced. Roughly these fragments 
are obtained from the Kripke-Platek set theory by restricting the Foundation 
axiom to Ei-formulas, and restricting the combinations Vx £ y3a of quantifiers 
for the cases y € D, where V denotes a transitive class to denote the 'domains' 
of functions. Namely any function / has a domain y in the class V. Moreover 
an inference rule 'infer 3a £ 'DLp{x^a) from 3a(p(x, a)' for x <Z T) is added. It 
turns out that two in four Si-define PCSF-functions, the other one Si-define 
PCSF-functions with choice function, and the remaining one is too stronger, cf. 
Theorem 16.51 

2 Safe recursive set functions 

A. Beckmann, S. Buss and S. Friedman [3] introduced a class SRSF of safe recur- 
sive set functions . The class SRSF is obtained from Gandy- Jensen rudimentary 
set functions on safe arguments by safe composition scheme and predicative set 
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(primitive) recursion scheme a la Bellantoni-Cook. 
(Projection) 

7r"'"'(a;i, . . . ,a;„/a;„+i, . . . ,a;„+,„) ^ Xj (1 < j < n + m). 

(Difference) 

diff(-/a, b) = a\b. 

(Pair) 

pair(— /a, &) — {a,b}. 

(Bounded Union) 

f{x/a,b) = [Jg{x/a,c). 

(Safe Composition) 

f{x/a) = /i(f(f/-)/f(.f/a)). 
(Predicative Set Recursion) 

f{x,y/a) = h{x,y/a,{f{z,y/a) : z £ a;}). 

They investigate definability and complexity of safe recursive functions. 

1. For each / g SRSF there exists a polynomial function qf on ordinals such 
that rank(/(x/a)) < max(rank(a)) + (7/(rank(a;)). 

2. A set-theoretic function /(a?/—) on infinite ranks x is in SRSF iff it is 
Si-dcfinable on SR„(x) ;= ^j^n^j)!. for an n < cj, where for ordinals a 
and sets x denotes the L- hierarchy relativized to a;, and TC(x) the 
transitive closure of x. 

3. For each / 6 SRSF there exists a polynomial function pf such that 

card{TC{f{x/a))) < card{TC{{x,a}))^'''^ ' " , where card{x) denotes 
the cardinality of sets x. 

4. Under a natural encoding of finite binary strings, / G SRSF on finite 
strings are exactly the functions computed by alternating Turing machines 
running in exponential time with polynomially many alternations. 

It seems to mc that it is hard to justify the class SRSF predicatively. The 
problem lies in (Bounded Union) since it requires us to know all of the el- 
ements c in the set 6 in safe argument. However we don't know its value, but 
only know its name of b. Therefore collecting all the elements of sets in safe 
argument might not be in the idea of predicatively justifiable computations. 
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3 Predicatively computable set functions 



Let mc propose a subclass PCSF of predicatively computable set functions. First 
a subclass PCSF" of PCSF is introduced. 

Each function / in the subclass PCSF" has no normal arguments /(—/a). 
Initial functions in PCSF" are (Projection) on safe arguments, 7r~'™(— /ai, . . . , a„i) = 
Qj, (Pair), (Null), (Union), and (Conditionale). 

(Null) 

null(-/-) =0 = 0. 

(Union) 

union(— /a) = Ua. 

(Conditionalg) 

Conde(-/a,6,c,d) = | I '^^^^^^-^^ 

The class PCSF" is closed under composition f{~/d) — h{—/t{—/aj), and 
(Safe Separation). 

(Safe Separation) 

/(-/a, c) = c n {6 : h{~/a, 6) ^ 0} = {6 £ c : h{-/d, h) ^ 0}. 

The class PCSF is then obtained from PCSF" and (Projection) tt"'™ by oper- 
ating (Safe Composition) and (Predicative Set Recursion). 

A relation R{x/a) is in PCSF if its characteristic function XR{x/d) is in the 
class. {xB,{x/d) = 1 if R{x/d), XB.{x/d) = otherwise.) 

Remark. It is open, but unlikely the case that the class PCSF is closed under 
the following safe separation scheme. 

f{x/d, c) = c n {6 : h{x/d, b)^0} = {bec: h{x/d, b) ^ 0}. 

Recall that a function / is said to be simple iff R{f{—/d),b) is Aq for any 
Ap-relations R. As in [5] we see the following proposition. 

Proposition 3.1 Each f G PCSF" is a simple function. Hence f is a Aq- 
function in the sense that its graph is Aq. 

As in [71[2] we see the following proposition. Proposition 13.2151 tells us that 
a relation is in PCSF" iff it is rudimentary. 

Proposition 3.2 1. diff(— /a, &) ^ a\h is in PCSF". 

2. If g(x/d,b) is in PCSF, then so is f, where f(x,y/b) = g{x/y,b). 
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3. If g, h, R are in PCSF, then so is j , where If R{x/a), then f{x/a) = g{x/a) 
else = h{x/a). 

4. The class of relations in PCSF is closed under Boolean operations. 

5. A relation R{—/a) is Aq iff its characteristic function xr. is in PCSF". 

6. f{-/b,c) = b'c = [j{d eUUb: {c,d) eb} is in PCSF" for the Ao-relation 
(c, d) <Eb where (c, a) {{c}, {c, a}}. 

7. If h is in PCSF, then so is fix^y/a) = h{x,y/d,[J{f(z,y/d) : z G x}). 

8. (Cf. (Bounded Union).) 

If h is in PCSF, then so is f, where f{x,y/a) = [J{h{z,y/d) : z G x}. 

9. Ifh,R are in PCSF, then so are f,g, where f(x,y/d) ~ [J{h{z,y/a) : z G 
X, R{z, y/d)} and g{x, y/a) = {h{z, y/d):z€x, R{z, y/a)}. 

10. \ (x/a) = a\ x ^ {(z, a! z) : z G a;} and rng{x/ a) — a" x are in PCSF. 

11. The transitive closure TC(a::/— ) ~ xVJ y_}{'^G{y / —) : y G x} and the rank 
rank(x/— ) = [J{v&Tik{y / —) + 1 : y G a;} are in PCSF. 

12. If h is in PCSF, then so is 
(Predicative Function Recursion) 

f{x,y/d) = h{x,y/d,f\x) 
where f \x := {(z, /(z, y/a)) : z G x}. 

Conversely any PCSf -function is generated from PCSF ~ -functions and 
(Projection) by (Safe Composition) and (Predicative Function 
Recursion) . 

13. Let R be a Ao-relation. Assume that yx3\y[y G z A R{x,y, z,a)]. Let 
f(x, z/a) ~ y iff y £ z A R(x, y, z, a). Then f is in PCSF. 

Proof. Km\ a\b = {c e a : c ^ b} ^ {c e a : Conde(-/0, 1, c, 6)} by (Safe 
Separation) . 

13.2151 If xr G PCSF", then R{d) O XB{—/d) = 1 is a Ao-relation by Proposi- 
tion O 

Conversely consider a relation R{—/d,c) = 35 G cQ{—/d,b) with a Ao- 
relation Q. Then f{-/a,c) = c n {6 : 0(-/a,6)} = c n {fe : XQ 0} 
is in PCSF". Hence so is /a, c) = Condg(— /0, 1, 0, {/(— /a, c)}). For dis- 

junctions R{ — /a) V Q{—/d) use the finite union xh(— /a) U Xq(~/o), and for 
negations R{-~/d) use the conditional Condg(— /0, 1, 0, Xii:(— /a))- 
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13.2181 Let g{z,x,y/a,b) = h{z,y/a) if z G X. 17(2, y/a, &) = 5 otherwise, where 
z G X is in PCSF by (Conditionalg) and Proposition 13.2121 Let G{u,x,y/a) = 
g{u,x,y/a,\J{G{z,x,y/a) : z G m}). Then 

G{x,x,y/d) = g{x,x,y/a,y^{G{z,x,y/d) : z Gx}) 

= y_]{G{z,x,y/d) : z &x} 

= y_}{9{z, X, y/d, |J{G(it, x, y/d) : u e z}) : z G x} 

= |J{/i(2;,27/a) : zGx} 

TM ByProposition[32ISl/(a:,y/a) =U{Conde(-//i(z,y/a),0,0,Xfl(2,y/5)) : 
z G x} is in PCSF. Then so is g{x,y/d) = [J{{h{z,y/d)} : z € x, R{z,y/d)}. 

13.21101 By Propositions 1321] and E^ini both \{x/a) = a\x ^ {{z,a'z) : z & x} 
and a"x = [J{a'y : y € x} arc in PCSF. 

13.21111 Let fix/-) = (U{/(y/-) : y e 4) + 1 for a + 1 = a U {a}. Then 

f{x/—) = rank(x/— ) + 1 and rank(x/— ) = [Jf{x/—) = [J{u : u E /(a;/—)} 
since a = rank(a;/— ) is transitive, i.e., [Ja G a. 

13.21121 Let k{x, y/d) = uU {{z,h{z, y/d, u\ z)) : z G x} where u = [J{k{z,y/d) : 
z G x}. Then k is in PCSF by Propostions [X^ and 13.21101 
Suppose 

k{x,y/d) = {{zj{z, y/d)) : z €TC{x/-)} = f \TG{x/-) (1) 

Then we have for k{x) \x = {{z,k{x,y/d)'z) : z G x} and z G x, {k{x) \x){z) = 
f{z, y/d). Hence f(x, y/d) = h{x, y/d, f \x) — h{x, y/d, k{x) \x) is in PCSF. 

It remains to show ([T]) by induction on x. By IH we have k{x,y/d) = [J{f \ 
TC(z/— ) : z G x} U {{z,h{z,y/d, f \ z)) : z G x}. Hence by the definition of / 
we have k{x,y/d) ^ 1J{/ rTC(z/-) : z G x} U {{z, f(z,y/d)) : z G x}. This 
shows ([ij, and PCSF is closed under (Predicative Function Recursion). 

Conversely if / is defined from h by (Predicative Set Recursion), f{x, y/a) = 
h{x,y/d,{f{z,y/d) : z G x}), then /(x, y/a) = /i(x, y/a, (/ fx)"x). ha{x,y/d,b) = 
h{x,y/d,b"x) is in PCSF by Proposition l3. 21101 f is defined from Hq by (Pred- 
icative Fiinction Recursion). 

13.21131 By Propositions 13.2141 and I3".2I51 Ao-rclation R{x,y,z,d) defines a re- 
lation R{x,y,z/d) in PCSF. So is f{x,z/d) ~ [J{y ■ y G z, R{x,y, z/d)} by 
Proposition 13^2191 

□ 

4 Polytime function on finite strings 

Let HF denote the set of all hereditarily finite sets. Let us encode finite (binary) 
strings by hereditarily finite sets, : ^'^2 — MF slightly modified from [3]. 
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i^(e) = = (e is the empty string.) i/(si) = {i + 1, !^{s)) = {{i + 1}, {i + 
1, i^{s)}} {i = 0, 1). 1 = {0}, 2 = {0, 1}. For example, iy{lOO) = (1, (1, (2, 0))). 

Lemma 4.1 For each polynomial time computable function f{s) there exists a 
function F in PCSF such that for any finite strings s 

F{i.{s)/-)^v{f{s)). 

Proof. Let B denote the class of safe reeursive functions on binary finite strings 
in [3]. We show for each f{s/a) S B there exists a function F in PCSF such 
that for any finite strings s,fj F{y{s)/v{t^) = v{f{s/V)). 

For the binary successor Si{-~/s) ^ si {i = 0, 1), S{—/a) = {{i+1}, a}} 
does the job. 

For the predecessor p(— /e) = e, p{— / si) = s, first let by Propositions 13.213] 
and Em 

pred(-/a) = I ^ ^ = 

^ I ' 10 otherwise 

Namely pred(-/{6,c}) = 6Uc. Then let P(-/a) = (pred(-/pred(-/a)))\{0, 1} 
by Proposition 132111 We have P{-/v{si)) = ((i + l)Uz/(s))\{0, 1} = v{s) since 
{0,l}ni^(s) ^ 0. 

Next consider conditional(parity test) C{— /a^ fo, c) = 6 if a = si, = c other- 
wise. Since 2 ^ u{s) and {2} G v{a) <^ a = si, f{—/a, 6, c) = Condg(— /6, c, {2}, a) 
enjoys f{-/v{a), v{h),v{c)) = zy(C(-/a, 6, c)). 

Finally consider predicative recursion on notation. f{t,x/d) = g{x/a) and 
f{si,x/a) = hi{s,x/a, f{s,x/a)) for i = 0, 1. Let G and TJ^ be functions in 
PCSF for g and /i^, resp. Define F as follows. 

F(0,x/a) := G(:E/a). Let i = 1,2. F{i,x/d) ~ F({i},f/a) := 0. 
F{{i, y),x/a) := [j{F{z, x/a) : z € {i, y)} = F{{i, y}, x/a) and F{{i, y}, x/a) := 
Hi{y,x/a,[j{F{z,x/a) : z e {i,y}}) = Hi{y,x/a,F{y,x/a)) for y ^ i and 
i = 1 ^ y ^ 0. The cases are excluded. Otherwise F{y, x/a) := 0. □ 

Remark. Lemma [4.11 holds also for a subclass PCSF'. The initial functions 
in the subclass are projections tt"'™, difF(— /a, 6), S{—/a) = {a}, pred(— /a) in 
the proof of Lemma 14.11 Condg {~/a,b,c, d) and finunion(— /a, b) = aU b. The 
class PCSF' is closed under (Safe Composition) and the scheme f{x,y/d) = 
h{x,y/d,[J{f{z,y/d) : z G x}), cf. Proposition 13.2171 

Moreover (Safe Separation) is needed only in defining diff, b' c (Proposition 
I3.2I6P and pred(— /a) for Lemma HTT] Namely the separation diff(— /a, 6) = {c G 
a : c 6}, f{—/b,c,a) ~ {d & a : {c,d) G &}, g{—/a) = {6 G a : 3c G a[a = 
{6, c}]} and h{— /b, a) = {c £ a : a = {b, c}}. 



5 Predicatively computable functions on HF 

Let us restrict our attention to hereditarily finite sets HF^i over the set A of 
urelements. Each function / in PCSF is a function on HF^ when it is restricted 
to VFa- The size of f{x/d) is seen to be bounded by a polynomial in the sizes of 
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normal arguments x, and depend linearly on the safe arguments a, cf. Theorem 
15.21 This readily yields the converse of Lemma 14. 11 cf. Corollarv l5.16l 

Definition 5.1 1. HF denotes the set of hereditarily finite sets. The ele- 
ments of HF are denoted by x,y, . . .. 

2. A denotes a set of urelements. Wc consider the cases A C HF only. When 
A is regarded as a subset of HF, the elements of A are denoted by a, &, . . .. 
While A is regarded as a set of urelements, wc write A for A, and elements 
are denoted by a, b, c, etc. By definition a; ^ a for any x and urelements 
a. 

HF^ denotes the set of hereditarily finite sets over the set A of urelements. 
Thus HF = HF0. 

For a polynomial p{x) and hereditarily finite sets x = Xi, . . . ,Xn G HF, put 



Theorem 5.2 For each f in PCSF there exists a polynomial pf such that for 
all hereditarily finite sets x = .xi, . . . , a;„ G HF and a C HF 



where ptf(x) := p/(cT(xi), . . . , cT(x„)) and cT{a) ■.— cT{[Jd). 

Corollary 5.3 The Cartesian product prod(— /a, b) = a x b is not in PCSF. 
Even f{~/a) = {0} x a = {(0, b) : b e a} ^ PCSF. 
On the other side, f{x,y/—) = x x y is in PCSF. 

Proof. Consider the hereditarily finite sets a„ — {2, . . . ,ri} for n > 2. Then 
(0, &), {0, b} ^ TC(a„) for any b £ a„, and cT{{0} x a„) > cT(a„) + card{an). 
On the other hand we have x x y = Uue^ Ut,ey{(^: ^ 

Let us try to show that there exists a polynomial p / such that 



by induction on the construction of / G PCSF. A naive approach does not yield 
a bound which is linear in the size of a. 

Consider the case when / is defined from h by (Predicative Set Re- 
cursion) f{x,y/a) — h{x,y/a,{f{z,y/a) : z £ x}). Let ph be a polynomial 
for h. Then by IH we have cT{f{x,y/a)) = cT{h{x,y/d,{f{z,y/d) : z € 
x})) < Ph{cT{x,y)) + cT{a) + cT{{f{z,y/d) : z G x]). Hence cT{f{x,y/d)) < 
j:{Ph{cT{z, y)):ze TC({x})} + cT(a) • cT{x). 

Namely safe arguments a are duplicated and counted many times. Actually 
such a duplication never happen for safe arguments. For example, for any 
/ G PCSF" we have cT(/(— /a)) < cT{d) + c for a constant c. 

To prove Theorem 15.21 let us regard safe arguments a as urelements. 



cT{x) 
pt{x) 



card{TC{x)) 
p{cT{xi), . . . ,cT(x„)) 



cT{f{x/d))<ptf{x)+cT{d) 



cT{f{x/d)) <pf{cT{x))+cT{d) 
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Definition 5.4 Let A C HF be a set of urelements. 

1. For each n > 0, pair„ denotes an n-ary function symbol. pair„(— /ai, . . . , a„) 
denotes the set {ai,...,a„}. pair is identified with pair2; and null with 
pairg. 

2. For each (definition of) function / e PCSFU{pair„ : n > 0}, f denotes the 
function symbol for /. Also a denotes an individual constant for a € A. 

3. For X C HF, sets NTmxA^CS^) and Tmx^A{P^SF) of terms over the 
individual constants in the set X \J A and function symbols {f : / G 
PCSF U {pair„ : n > 0}} are defined recursively as follows. 

(a) iVrTOx,A(PCSF) C Tmjf,^(PCSF). 

(b) X e 7VTmx,A(PCSF) for x e X. 

(c) a G Tmx,A(PCSF) for a G A. 

(d) If / G PCSF U {pair„ : n > 0}, ^ C iVrmx,A(PCSF) and a C 
rmx,A(PCSF), then f(^/a) G Tmx,A(PCSF). Moreover if f{x/a) 
has no safe arguments, then f(C/ — ) G A^rmx,A(PCSF). 

Each term a G Tmx,A(PCSF) [ ^ G A^Ttox,a(PCSF)] is denoted a = 
a{x/a) = Ci^/^)] by displaying all occurrences of individual constants 
X C X and a C A in the term, resp. 

An occurrence of a term /? in a term a is said to be a normal occurrence 
if the occurrence of /3 is in a normal position of a (proper or improper) 
subterm 7(. ..,/?,.../...) of a. Otherwise the occurrence is a sa/e occur- 
rence. 

The uaZwe w(i) G HF^ of the term t G TTOx.yi(PCSF) is defined by replac- 
ing each function symbol f by the function / G PCSF U {pair„ : n > 0} on 
BFa- 

4- On the set Tmx, a(PCSF) of terms, define a rewrite rule t — ;> s iff there 
exists a term u[*] with a hole * such that t = u[£] and s = u[r], where the 
pair {£,r) is one of the following form for ^ U C C NTmx.A{PCSf) and 
aU {7} C Tmx,A(PCSF): 

(a) (7r;^™(c7a),e,) ij < n), (7r;^'"(c7c5),a,_„) (j > n). 

(b) (pair„(-/a),a,) {i < n). 

(c) (union(— /a), a). 

(d) (Condg(-/ai,a2,Q;3,Q;4),Q!i) [i = 1,2). 

(e) (f(— /q?, 7), 7) for functions / defined by (Safe Separation). 

(f) (f(f/"),h(r(e7-)/t(f/a))) for functions / defined by (Safe Com- 
position) from h,f,t. 
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(g) (f(C, C/a)): C/a, pair„(-/f(zi, C/a), ■ • • , f(zn, C/")))) for functions 
/ defined by (Predicative Recursion) from h, and v{£) = {zi, . . . , Zn}- 

5. Tmx, A(pair) denotes the set of terms over the individual constants in the 
set X A and function symbols pair„ (n > 0) for pairs. Each term t in 
rmx,A(pair) is identified with the hereditarily finite set v{t) G HF^ over 
the set A of urclements. 

The following Proposition 15.61 is seen as in the case for rewrite rules reduc- 
ing under the recursive (multi set) path order with the obvious precedence of 
function symbols, and follows from the following Claim [5751 

We say that a term t is terminating iff there is no infinite sequence t = 
to ^ ti ^ ■ ■ ■ oi rewritings. For terminating terms h{t) denotes the height of 
the wellfounded tree {{to, ■ ■ ■ ,tk) : t = &Vi < k{ti — !> i^+i)} ordered by the 
extensions. For ordinals a and /?, q;#/3 denotes the natural (commutative) sum 
of a and /3. We write h{^)#h{d) for /i(^i)# ■ ■ • #/i(^„)#/i(ai)# • • • #/i(a^) 
with the lists ^ = Cii • ■ • i and a ~ ai, . . . , am- 

Claim 5.5 For each f G PCSF U {pair„ : n > 0}, if ^ and a are terminating, 
then so is the term f(S,/a). 

Proof. This is seen by main induction on the precedence of the function sym- 
bols f with a subsidiary induction on the natural sum of height h{£^)4j^h{a). 
When f(^,^/a) is defined by (Predicative Recursion), the proof is by a 
subsidiary induction on the sum (w • /i(^) + ranfc(w(^)))#/i(C)#ft,((S), where 
w = sup{ranA:(z;(0) -f 1 : ^ € Tmx,A(PCSF)}. □ 

Proposition 5.6 The rewrite rule t ^ s on rTOx,yi(PCSF) is terminating, i.e., 
there is no infinite rewriting sequences to ^ ti ■ ■ ■ . 

Definition 5.7 For each term t G Ttox.aCPCSF), its cover cv{t) G rTOx,yi(pair) — 
M¥a is defined inductively on h{t) as follows. 

1. For individual constants x ^ X and a G A, cv{x) = x G HF and cv{a) = 
a G A. 

2. For projections / = ttJ'™, consider the term t ~ f(^/(3). Let s ~ if 
j < n, and otherwise s ~ ctj^n if n < j < n + m. Then cv(t) ~ cv{s). 

3. ci;(pair„(-/Q;i, . . . ,a„)) = pair„(-/cf (ai), . . . ,cw(q;„)). 

4. cv{un\on{—/a)) ~ cv{a). 

5. cz;(Condg(-/ai, q;2, as, a4)) ~ pair2(— /ci'(ai), cw(q!2))- 

6. Consider the case when / is defined from h by (Safe Separation) f{—/d, c) = 
{bee: h{-/a,b) ^ 0}. Then cu(f(-/a,7)) = cv{-f). 

7. If / is defined from h, f, t by (Safe Composition) f{x/S) ~ h{f{x/—)/t{x/a)), 
then cvm/a)) = c«(h(r(e7-)/t(e7'3))). 
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8. Consider the case when / is defined from h by (Predicative Set Recur- 
sion) f{x,y/a) = h{x,y/a,{f{z,y/a) : z G x}). Let w(^) = {zi,...,z„}. 
Then CT(f (C, C/5)) = cv{h{C, C/a, pair„(~/f (zi, C/a), • . • , f (z„, C7«)))). 

Proposition 5.8 Lei be a term with a normal occurrence of a term ^ S 

A'^Tmx,A(PCSF), and a(a;/) the result of replacing the occurrence of ^ by its 
value x = v{^) G HF. Then cv{a{^/)) = cv{a{x/)) and h{a{C/)) > h{a{x/)). 

Let t(a) G rmx,A(PCSF) with individual constants a for urelements, and 
d C rmx,A(PCSF). Tlien t(d) denotes the result of simultaneously replacing 
individual constants a by terms a in i(a). Note that individual constants a do 
not occur in the normal positions in t. 

Proposition 5.9 Let P{a) G rmx,A(PCSF), and C rmx,A(PCSF) for 1 < 
j < k with k > 1. Then there exists an injection F from TC(1J^- cv{P (a^))) to 
TC(Uj cv{P{3))) U TC(Uj cv{d^)) with cv{d^) = \J{cv{a) : a G d^} such that 
F is identity on TC(1J^ cv{d^)). 

Proof. This is seen by induction on the constructions oi P . □ 
Lemma 5.10 For t{S) G Ttox.a(PCSF) and d C Ttox,a(PCSF), 

cT{[jcv{P{d'))) < cT{[jcviPia)))+cT{[j cv{d^)). 

j 3 3 

Proof. This is seen from Proposition 15.91 □ 

A polynomial p(xi, . . . , Xn) is said to be monotonic if Vi < n[xi < yi ^ 
p{...,x,,...) <p{...,y,,..:)]. 

Lemma 5.11 For each term a{x/di) G Tmx, a(PCSF), there exist monotonic 
polynomials qa{x) and pa{x) for which the following holds. 

1. Let {xl : 1 < j < 1 < J < fc} C HF be hereditarily finite sets, Xi = 
x], . . . , x^ , and a? = a;{, . . . ,x{^. Also let Ux = Uxi, . . . , Ua;„ with Uxi := 
[j{xi:l<j <k}. 

Then for any lists x^ (1 < J < k) of hereditarily finite sets and urelements 
a 

cT{\Jcv{a{xya))) < pt^{Ux) (2) 

3 

For any lists x,y C HF of hereditarily finite sets 

cT{v{a{x/y))) < cT{cv{a{x/y) j) + + qt^{x) (3) 

where ia denotes the sum of indices £i of the function symbols pair^. oc- 
curring in the term a{x/a). 

^In the previous version I was wrong to state TC(i)(t)) C TC{cv{t)) for any term t G 
Tmx,A(PCSF). This does not hold for pairing terms pa\r„{— /t) as pointed out by Sebastian 
Ebcrhard. 
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Proof. The lemma is shown by simultaneous induction on h{a). 

If a is an individual constant Xi, then qa{x) = and Pa{x) = J2i ^i- 
If a is an individual constant a^, then qa{x) = Pa{x) = since cT(a) ~ 0. 
In what follows let a(x/a) = f (f(f/-)//3(x/a)). Let z C HF be values of 
terms ^(x/—) in normal positions. Bv Proposition lSTSl we have cv{^{£{xl—MBix l^))) = 
CT(f(iy/3(af/a))). Also the number is unchanged since pair„ for n > does not 
occur in any normal positions. On the other hand we have for each ^ G ^ and 
z = v{Cs, cT{z) = cT[v{^{x/-))) < cTicvia^/-))) + qW) <Pki^) + qki^)- 
Hence it suffices to show the lemma for the reduced term f{z//3{x/a)). 

(Projection) If / is a projection 7rJ'"\ then cv{f{z/f3{x/a))) is one of cv{z) = 
z and cv{l3{x/a)). In the latter case IH yields ([2]). On the other side 
v{f{z//3{x/y))) is one of v{z) = z and v{(3{x/y)). In the latter case IH 
yields ©. 

(Pair) If f is a pair pair„, then ci;(pair„(— //3(a;/a))) = pair„(— /c7j(/3(a;/a))), 
and TC(pair„(-/CT(/3(f/a)))) = pa<(-/cz;(/3(x/a-))) U TC(CT(/3(x/a))). 
Hence Pa{x) = n + ^{pp{x) : /3 G /?} suffices for ([2|). On the other side 
i;(pair„(-//3(a;/y))) = pair„(-/z;(/3(x/y))), and TC(pair„(-/z;(/3(x/y)))) = 
pair„(-/«(/3(f/y))) UTC(i;(/3(f/y))). Hence q^{x) = E{(?/3(f) : /3 G /3} 
suffices for ([3]) since = n + for = Yli^P : /3 G /?}. 

(Union) If / = union, then TC(CT(union(-//3(x/a))) = TC(ci;(^(f/a))). Hence 
Pa{x) = Pp{x) suffices for ([2]). On the other side qa{x) ~ qpix) suffices for 
P since ^„ = and TC(Uy) C TC(y). 

(ConditionalG) If / = Condg, then CT(Condg (— //3i(a;/a), /32(a;/a), /33(a?/a), /34(x/a))) = 
pair2(-/CT(/3i(x/a)),CT(/32(x/a))). Hence pa(^) = 2+pp^{x)+Pi32{x) suf- 
fices for ([2]) . Qa (x) ~ qp^ (x) + qp^ [x) suffices for Q since la > + ^/Sj ■ 

(Safe Separation) Consider the case when / is defined from h by (Safe Sepa- 
ration) /(-/a,c) = {6 G c : h{-/a,b) ^ 0}. Then ^(f (-//3(f/a), 7(f/a)) = 
cv{'y{x/a)). Hence Pa{x) = p-y{x) suffices for qa{x) = q-y{x) suffices 
for ([3]) since f{—/a, c) C c and la > ^7- 

(Safe Composition) Consider the case when / is defined from h, r and t 
by (Safe Composition). We have cv{^{zP / j3{x^ /a))) = cv{'-f{z^ ,x^ /a)) 
where 7(2-', /a) = h{r{zj /—)/i{z^ /P{x^ /a))). Rcncc pa{z, x) =pj{z,x) 
suffices for ([2]), and qa{z,x) = q^{z,x) for 

(Predicative Set Recursion) Consider the case when / is defined from h by 
(Predicative Set Recursion), f{x,y/a) = h{x,y/a,{f{z,y/a) : z G 
x}). 
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For a polynomial for ^ of 7(0;, y, z/a, b) = h(a::, y//3(z/a), b) we show 
by a subsidiary induction on cT(\Jx) that 

cT(|Jci;(f(a;^jP7/3(z-'/a)))) < pt^(Ua;, Uy, Uz) ■ (l + cr(Ua;)) 
where Ux = lj{a:;-' : 1 < j < A:}. 

First consider the case when Ua; = 0. Then by IH with Lemma [5.101 and 
cT(cu(pairo(— /— ))) — we have 

cT{[}cv{^{x\f/P{z^/m) = cT{[}cv{h{x\f/P{z^/?), pair^))) 
3 J 

< pi^(Ua;,Uy,Uz) 

Next consider the case when Ux ^ 0. We have by IH with Lemma [5.101 

cT(|Jc«(f(z^^//3(z^7a)))) 

3 

= cTi[jcvih{x^ ,f /^{:? /a),{Hu,f /Piz^ /a)) : u e x^}))) 
3 

< pi^(Ua;,Uy,Uf) +cT(|J{cu(f(u,jr'7/3(zVa))) : u 6 x'}) 

3 

< ptj{Llx,Uy,Llz) + card{Ux) + cT{ [J cv{f{u,ip/(3{z^/a)))) 
By SIH we have 

cT{ y cv{f{u, f/P{zJ/a)))) < pt^{\J yJx\\Jy, Uz) ■ (1 + cr(|J Ux-'")) 

j.uexi j j 

where TCdJ^Ux^) U (Ux) = TC(Ux), and cT{[j^Ux^) < cT{\Jx) unless 
Ux = 0. Hence we have by the monotonicity of the polynomial p~j{x, y, z) 
with respect to the argument x, pi^ (IJ^ Ux^ , Uy, Uz) < pi-y(U.x, Uy, Uz) 
and card{Ux) < card(TC(Ux)) = cr(Ux) 

cT(|Jc«(f(x^yV/3(^^/a)))) 

3 

< pt^(Ux,Uy,Uz) +card(Ux) +cr( y ^(f (m, jF7;^(^7a)))) 

< pty{Llx,Uy,L>z) +card{Llx) + pt^{[jL>x\Uy,Uz) ■ (1 + cT(y Ux-'')) 

3 3 

< pmux, Uy, Uz) + cT(Ux) + ipm[J Ux^ Uy , Uz) - 1) • cr(Ux) 

3 

= pt^(Ux, Uy, Uz) • (1 + cr(Ux)) 
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Therefore Pa{x, y, z) = p^{x, y, z) • (1 + x) works for 1^ of a. 

Finally consider ([3]) of a = f{x,y//3{z/a)). We have for x ~ {ui, . . . , u„} 
v{f{x,y/l3{z/S))) ^v{S{x,y,z,ui,...,Un)) ior 

5{x,y,z,ui, ...,Un) = h(a;,y/^(z/a),pair„(-/f(ui,?7//3(z/a)), . . . , f (m„, ^//^(z/a)))), 
and similarly for covers. For a polynomial qs for ([3]) of 6{x, y, z,ui, . . . , Un) 
we have cT{v{6{x,y, z,ui,. .., u„))) < cT{cv{S{x,y, z,ui,.. u„))) +4 + 
qts(x,y,z,ui, . . . ,Un)- For each Ui we have TC(ui) C TC(a;). Hence 
for a monotonic polynomial g', qts{x,y,z,ui,...,Un) < q't{x,y, z). On 
the other hand we have £s < £a{n + 1) + n < + {£a + l)cT{x) for 
n = card{x) < cT(x). Hence qa{x^ y, z) = q't{x, y, z) + + l)x works for 
© of a. 

□ 

Proof of Theorem O 

Lemma [5.101 with Lemma [5.111 vields for a = ai, . . . , a,i G HF 

cT{f{x/a)) = cT{v{f{x/d))) < cT{cv{^{x/a))) + qtf{x) 
< cT{cv{f{x/a))) + cT{cv{d)) + qtf{x) 

= cT{cv{i{x/a))) + cT{a) + qtf{x) < ptf{x) + qtf{x) + cT{d) 

where the index f in pf and qf denotes the term i{x/a). Hence the sum pf{x) + 
qfix) is a desired one. 

This completes a proof of Theorem 15.21 □ 

5.1 Computing on directed acyclic graphs 

Now we show that any function / G PCSF is polynomial time computable when 
wc restrict / to HF. To be specific, let us encode hereditarily finite sets first by 
DAG's(Directed Acyclic Graphs), and then encode DAG's by natural numbers. 

Definition 5.12 A DAG with root is a triple G — (V, i?, r) of non-empty finite 
set V of natural numbers, E <CV xV and r such that 

1. The only node of indegree zero is r, i.e., Sa G V[{a,r) G E\ and Va G 
V\{r}3b<EV[{b,a) & E]. 

2. y{a,b) G E[a > b]. 

In what follows a DAG with root is simply said to be a DAG. (a, b) ^ E desig- 
nates that there is an edge from a to b. From the condition ^ in Definition l5.12l 
we see that G is acyclic. For a DAG G = {V, E, r) we write V = Vg, E =■ Eq 
and r ~ vq. 

For nodes a & G, G\a denotes a DAG G\a = {Vela, EG\a,a) defined by 
Ecla ~ Ea C] (Vela x Vola), and for b G Vq, b G Vela iff there exists a path 
from a to 6 in G, i.e., there is a sequence {(a^, 6i)}j;<,i C Eq such that qq = a, 
bn-i = b and \/i < n—l{bi = fli+i). 



14 



The rank rkoifl) of nodes a in G is defined by rkcia) = max{rfcG'(&) + 1 : 
(a, 6) e Eq}- Then the rank of G is defined by rk{G) = rkc{r). While the length 
icia) of the longest path from r to a is defined by €0(0) = m.ax{iG{b) + 1 : 
(6, a) G -Eg}: where inax0 := 0. 

Since DAG is similar to term graph, we follow terminology in |5]. 

Definition 5.13 Let G = {Vq, Ecro), H ^ {VH,EH,rH) be DAG's. 

1. Each node a € G encodes a hereditarily finite set set da) defined by 
recursion on ranks rkcia): 

setaia) = {setaib) : {a,b) £ Eg}- 

DAG G encodes a hereditarily finite set set{G) = setoirG)- 

2. a £ G and b £ H arc hisimilar (with respect to G,H), denoted a ~g.h b 
or simply a c± iff setG{a) ~ set nib). 

G and H arc hisimilar, denoted G ~ iJ iff —g,h th, i-c, set{G) = 
set(i7) 

5. G is /uZ/?/ collapsed iff for any nodes a, 6 in G, if setG{a) ~ setG{b) then 
a = &. 

Clearly a ~g ^ rk{a)G — rkG(b). 

We assume a feasible encoding of finite sequences of natural numbers, (ao, . . . , a„_i) 
denotes the code of sequence (ag, . . . , a„_i) of natural numbers a^. [G] S w de- 
notes the code of DAG G = iV,E,r). Specifically \{V,E,r)~\ = {\V^, \E^,r), 
where for nodes V = {r = > ai > ■ ■ ■ > a„i_i}, its code \V~\ = (ao, . . . , a,„_i), 
and for edges E = {eo, . . . , e„_i}, \E'] = ([eol , . . . , [e„_i]), where [(a, 6)] = 
(a, &) and [eol > • • • > \en-i\- 

It is plain to see that to be a code of a DAG is polynomial time decidable, and 
ranks rkG{a) and lengths ^g(i) of nodes a in G are polynomial time computable 
from n = \G~\ and a. Moreover given a code [G] of DAG and a node a G Vg, one 
can compute the code [G|a] in polynomial time. Therefore let us identify DAG 
G with its code [G], and, e.g., say that G\a is polynomial time computable. 

Let |n| = [log2(ri + 1)J. There is a constant a such that for any DAG G 

cT{set{G)) < card{VG) - 1 < | [G] | < a\rG\ ■ card{VGf 

and if G is fully collapsed, 

cT{set{G)) = card{VG) - 1 < | [G] | < a\rG\ ■ cT{set{G)f. 

We say that G is balanced if a < card{VG\a) for any a £ Vg- For balanced 
and fully collapsed DAG G, cT{set{G)) is polynomially related to |[G]|. 

Proposition 5.14 1. Bisimilarity in DAG's is polynomial time decidable. 
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2. There is a polynomial time function R such that for any given DA G G, 
R{G) and G are hisimilar and R{G) is balanced with [i?(G')] < [G] . 
Moreover if fully collapsed, then so is R{G). 

3. There is a polynomial time function c such that for any given DAG's 
Go, • ■ • , Gn-i, c(Go, . . . , Gn-i) is a fully collapsed DAG such that 

set{c{Go, . . . , G„_i)) = {set{Gi) : i < n}. 

Proof. 15.14111 Let b Eg a iS there exists an edge (a, b) G Eq- Then G ~ iff 
Va Sg rc^b Eh rH{G\a ~ H\b) k^b Eh rn^a Eg rG{G\a ~ H\a). A bisimilar- 
ity test is performed at most card{VG) ■ card{VH) times. 

15.14131 We can assume that sets Vq. are disjoint, for otherwise replace Gi by 
{i} X Gi, where V{i}xG, = {T^iha) : a E VfeJ and E^i^-^G, = {(7r(«, a), 7r(i, 6)) : 
(a, &) E Eg,} for the bijective pairing 7r(i,j) = + Note that 

a > b ^ TT(i,a) > 7r(i,6). Let r ~ maxjrci : i < n} + 1, and G be the joined 
DAG. Vg = W U U<„'^g., tg = r and Eg = {(r,rG.) : z < 7^}U<„^^G.. 
Clearly set{G) = {set{Gt) : i <n}. 

By recursion on ranks define DAG's {i?i}-i<i<rfc(G) so that each c:^ G 
and any bisimilar pair a —Hi b has ranks larger than i, rkn^ (a) = rkn^ (b) > i, as 
follows. Let H-i = G. Assume that has been defined. Consider a E 

of rank i and its bisimilar class Bi{a) = {b E Vui^i ■ b —Ht^i a}, and let us share 
nodes in Bi{a). Note that for h,c E Bi{a) and any d, {b, d) E Eh^ ^ (c, d) E Eui 
by the construction. Let a; = min_Bi(a). Delete every nodes in Bi(a) except 
a,, and each edge {d, b) E EHi_i for b E Bi{a) is switched to a new edge {d, at), 
where d > b > ai. The switchings are performed for each a E -ffi-i of rank i. 
The resulting DAG Hi is bisimilar to and a c^Hi b =4> rkHi{a) > i. 

Thus c(Go, . . . , G„_i) = Hrk{G) is fully collapsed and bisimilar to G. □ 

Each / G PCSF on HF is a polynomial time computable function in the 
following sense. 

Theorem 5.15 For each f E PCSF, there is a polynomial time computable 
function F such that for any balanced and fully collapsed DAG's G, H , F{ [G] , [iJ] ) 
is a code \K'\ of a balanced and fully collapsed DAG K such that f {set{G) / set{H)) = 
set{K). 

Proof. This is seen by construction of / S PCSF. We assume that any DAG is 
transformed to a balanced one if necessary by Proposition 15. 14l2l 

(Pair) The case when / is the pairing pair follows from Proposition 15.14(31 
(Union) For DAG G, a DAG H such that set{H) = U(set(G)) is obtained 
by rn = rG, Vh = {a E Vg ■ ^G(a) 1} and for a,b E Vr, [a, b) E Eh iff cither 
(a, b) E Eg or there is a c € Vg such that ^g(c) = 1 and (a, c), (c, b) E Eg- 

(Conditionale) follows from Proposition l5.14fTl and (Safe Separation) 
follows from IH. 
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Next consider (Safe Composition) 

f{x/a) = h{fix/-)/t{x/d)). 

If all of h, r and t are polynomial time computable on DAG's, then so is / by 

Theorem O 

Finally consider (Predicative Set Recursion) 

f{x,y/a) = h{x,y/a,{f{z,y/a) : z G x}). 

Assume that x,y,a are hereditarily finite sets set{G), set(H), set{K) for fully 
collapsed DAG's G, H, K. Let us describe informally a polynomial time compu- 
tation of a fully collapsed DAG L such that set{L) = f{set{G), set{H) / set{K)) . 
By recursion on ranks rkcia) of nodes a in 'circuit' G, assign a DAG La 
such that set{La) = f{set{G\a),y/a) to a as follows. If a is the leaf, i.e., the 
node of outdegree zero, then La is a fully collapsed DAG such that set{La) = 
f{%,y/a) = h{%,y/d,%). Next consider the case when a is not a leaf, and let 
60, ■ • ■ , &n be the sons of a in G: {&07 • ■ • , ^n} = {6 G G : (a, 6) G -Eg}- As- 
sume that for each son hi a fully collapsed DAG L^. is attached to hi so that 
set{Lb-) = f{set{G\hi),y/a). Then by Proposition 15.14131 compute a fully col- 
lapsed DAG G = c{Li,g, . . . , Lb„), and then let La be a fully collapsed DAG such 
that set{La) — h{set{G\a),y/a, set{G)). 

Let us estimate roughly the number of computation steps. The number of 
computations of the function h is cT{set{G)) + 1. By Theorem 15.21 we have a 
polynomial p / such that 

cT{La) < Pf{cT{set{G\a)), cT{set{H))) + cT{set{K)). 
Since all DAG's are balanced and fully collapsed, we have for a polynomial p'^ 

\\La^\<p'f{\\G\a^\^\H^l\\K^\). 

Hence each computation of h is performed in the number of steps bounded by a 
polynomial of | [G] | , | \H~\ \ and | \K~\ \ . Moreover the number of computations of 
G = c{Li,g, . . . , i6„) is cT(set{G)), and each computation of G is also performed 
polynomially in | [G] | , | \ and | [/v ] | . Hence the number of computation steps 
for L is bounded by a polynomial of | [G] | , | \H~\ \ and | \K~\ \ . □ 

Corollary 5.16 Suppose a set theoretic funetion F{x) is a function on binary 
finite strings when we restrict to finite strings: Vs C ^"23t G ^"2(_F(z^(s)) = 
v{t)). Then F{x/—) G PCSF iff the function s ^ v^'^{F{v{s))) is polynomial 
time computable. 

Proof. Assume F G PCSF, and let f{s) = iy-\F{i^{s))). Then F is a poly- 
nomial time function on MF in the sense of Theorem 15.151 Since the function 
s I— > [;^(s)] and its inverse [!^(s)] 1— > s are polynomial time computable, so is /. 

□ 
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Remark. Let F be a polynomial time computable function for / G PCSF in 
Theorem 15.151 Then F has to be an 'extensional' function on DAG's. This 
means that for any balanced and fully collapsed DAG's G, H 

set{G) = set{H)kF{\G]) = \iqSzFi\H]) = \L] set(K) = set{L). 

1. It seems to us that the converse holds. Namely let F be a polynomial 
time computable function such that F([G]) is a code of balanced and 
fully collapsed DAG for any balanced and fully collapsed DAG's G, and 
F is extensional in the above sense. Then the set-theoretic function / on 
HF is defined by f{x) = set{H) where x = set(G) and F([G]) = \H] for 
some (any) balanced and fully collapsed DAG's G and H. 

Problem. Show that the / is a restriction of a function in the class PCSF 
on HF. 

2. Let c(— /a) be a choice function which chooses an element 5 € a from 
non-empty sets a. Let us set c(— /0) = 0. It is unlikely the case that there 
is such a c in the class PCSF, nor c on HF is (extensionally) polynomial 
time computable in the sense of Theorem 15.151 Obviously there exists an 
intensional function G which depends on codes. Given DAG's G, if Vq 
{ro}, then let uq = max{a € Vo ■ a ^ tg}- Then set{G\aG) S set{G), 
and [G] ac is polynomial time computable, and so is the function 
G([G]) — \G\aG~\)- However G is not extensional. 

Also see subsection 16.31 

6 Fragments of set theory for PCSF 

In this section let us introduce four fragments of set theory, and examine 
Ei-dcfinablc functions in these fragments. It turns out that two in four Si- 
define PCSF-functions having normal arguments only, the other Si-define PCSF- 
functions with choice function, and the remaining one is too stronger. 

Let BS denote a fragment of set theory consisting of the axioms of exten- 
sionality, null set, pair, union, Ao-Separation scheme. The set theory BS + 
Ag-CoUection -I- Ei-Foundation is then obtained from BS by augmenting Ag- 
CoUection scheme and Foundation scheme to Si-formulas (p, V6[Va G b (p{a) — 
(p{b)] yb(p{b). M. Rathjcn [2] showed that a set-theoretic function is Si- 
definable in BS + Ag-CoUection 4- Ei-Foundation iff it is primitive recursive in 
the sense of Jcnscn-Karp [7]. 

The theory BS{V) is obtained from BS by expanding the language to {g, V} 
with a unary predicate T>. BS{'D) has an axiom stating that the class 1) is 
transitive, and an axiom stating that there exists a transitive set containing the 
set. 

Definition 6.1 BS{T>) denotes the set theory BS in the expanded language 
{EjT)} for a unary predicate symbol T). BS{V) has an extensionality axiom 
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Va, 6[a = b ^ V{a) ^{b)], where a = & :<J:^ Vc £ a(c G 6) A Vc e b{c G 
a), and the axioms (transitivity) and (transitive cover) defined below. In 
Ag-Separation scheme Aq remains to denote the class of bounded formulas in 
the language and similarly for the classes Si, Hi. This means that the 

predicate T? does not occur in any Ap-formulas. 

x,y, z, . . . are variables ranging over elements in the class 2?, while a,b,c, . . . 
are variables ranging over the universe. 

(transitivity) 

Va,6[6 e a ^ V{a) V{b)]. 

(transitive cover) 

Vx G V3a[x C a A tran{a)] 
where a; G 2? T^i^) and tran(a) V6 G die G 6(c G a). 
Note that the class V can be empty. 

Four fragments of set theory are introduced. Each extends BS{'D) by adding 
restricted Collection, and restricted Foundation schemata, and either an axiom 
stating that the class 2? is a Ei-elementary submodel of the universe, or a weaker 
inference rule for the submodel condition. One has a choice function such that 

67^ ^ C{-/b) G b. 

(Si-Submodel) For each Ao-formula (^(.t, a) whose free variables are among 
the list .T U {a} 

V.f [3a a) 3yLp{x,y)]. 

This is a shorthand for 

VS" G 'D\3a ip{x, a) — !> 3y G 2? <p(x, y)] 

with X CV -.^ 2?(f) :<;^ /\{'D{xi) : Xi G x}. 

(Si-Submodel Rule) For each Ao-formula (p{x, a) whose free variables are 
among the list x U {a} 

Vx3a ^{x, a) 
ix3yip{x, y). 

This is a shorthand for 

Vx[2?(x) — >■ 3a Lp{x, a)] 

vi[p(iy^3^(p(^y7:^^(i^ 

This rule says that 'infer 3yip{x,y) from 3aip{x,ay if 3aip{x^a) is deriv- 
able without assumptions. 

Note that the inference rule is weaker than the axiom (Si-Submodel). 

A related inference rule in the context of arithmetic was investigated by 
Spoors and Wainer [TU] . 
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(a; 



-Collection) For each Ao-formula 



\/y[\/x G y3a ip{x, a) — > 3c\fx G y3a G c ip{x, a)] 



where in ip parameters d may occur. Formerly the axiom should be 

\/d\/y G V^x/x G y3aip{x, a, d)) — > 3c\/x G y3a G c(/?(a;, a, d)]. 



(s: 



f -Foundation) For each Ao-formula 



Vy[Va; G y3a ip{x, a) 3a Lp{y, a)] \fy3a (p{y, a). 



The variables x and y are assumed to range over elements in the class 2?, 
and if may have parameters d. 

(Choice) Let C be a unary function symbol denoting a choice function C{—/b) 
such that 



Next we expand the language {g,P} by adding function symbols f corre- 
sponding to the function / G PCSF. 

Ao(PCSF) denotes the class of bounded formulas in the language {g} U {f : 
/ G PCSF} with function symbols. Note that the predicate V does not occur 
in Ao(PCSF)-formulas. Classes I]i(PCSF), ni(PCSF) of formulas are defined 
similarly. 

(Ei(PCSF)-Submodel) For each Ao(PCSF)-formula ip{x,a) whose free vari- 
ables are among the list xU {a} 



Again variables x and y arc assumed to range over elements in the class 
I?, and in ip parameters d may occur. 

(PCSF) For each / G PCSF, Axf denotes a defining axiom of the function /. 
For example, when f{~/a,c) ~ {b £ c : h{—/d,b) ^ 0} is defined from h 
by (Safe Separation), V6[& G f (-/a, c) o 6 G c A 3d G h(-/a, &)(0 = 0)] 
is the axiom Axf. 

If f{x/d) = h{f{x/—)/t{x/d)) is defined from /i, r, t by (Safe Composi- 
tion), then Va? C VNd[^{x/d) = h{Y{x / —) / t{x / a))] is the axiom Axf. 

If f{x, y/a) = h{x, y/a, {f{z, y/a) : z G x}) is defined from h by (Predica- 
tive Set Recursion), then Vx G TNy C TN(Nb[b — {f(2:, y/d):z&x}^ 
f{x,y/d) = h{x,y/d,b)] is the axiom Axf, where b = {f{z,y/d) : z G x} 
denotes Vz G x[f{z,y/d) G &] A Vc G b3z G x[c = f{z,y/a)]. 



(C(-/0) = 0) A V6[5 ^ ^ C(-/5) G b]. 



\/x[3aLp{x,a) -> 3yip{x,y)]. 



(Aj'(PCSF)-Foundation) For Ao(PCSF)-formulas ip 



Vy[yx G y(p{x) ip{y)] Vyip{y). 
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Definition 6.2 Four fragments are defined as follows. 

1. (Aj'-Coll)+(i;i-Sm)+(i;?-Fund) denotes the theory extending BS{'D) 
by adding the three axiom schemata (Aj'-Collection) , (Si-Submodel), 
and (S^-Foundation). 

2. (A5'-Coll) + (i;i-SmR) + (i;f-Fund) +(Choice) denotes the formal sys- 
tem extending BS{'D) in the language C} by adding the rule (Si- 
Submodel Rule) and the axiom schemata (Aj'-Collection) and (Sf- 
Foundation), and the axiom (Choice) for the choice function C. 

3. (a) BS{PCSV) denotes the theory BS{'D) in the expanded language with 

function symbols in PCSF. Each axiom Axf is in ^^(PCSF) for 
/ S PCSF. and Ap-Separation is applied to Ao(PCSF)-formulas in 
B5(PCSF). 

(b) (Ag'(PCSF)-Coll) + (I]i(PCSF)-Sm)+(Aj'(PCSF)-Fund) denotes the 
theory extending _BS'(PCSF) by adding the three axiom schemata 
(Ag'(PCSF)-Collection), (i;i(PCSF)-Submodel) and (Ag'(PCSF)- 
Foundation), where Ao-CoUection is applied to Ao(PCSF)-formulas 
in S5'(PCSF). 

(c) (A^(PCSF)-Coll) + (A^(PCSF)-Fund)+y = V denotes the theory 
extending (Ag'(PCSF)-Coll) + (Si(PCSF)-Sm)+(Ag'(PCSF)-Fund) 

by adding the the axiom V which states Va[I?(a)]. 

Obviously (A^(PCSF)-Coll)+(A^(PCSF)-Fund)+y = 2? is equivalent to 
a theory in the language {g} U {f : / G PCSF} extending BS by adding the 
axiom schemata (Ao(PCSF)-Collection) and (Ao(PCSF)-Foundation). 

Definition 6.3 Let T be one of four fragments, and L denote its language 
without the predicate symbol T). 

We say that a set-theoretic function f{x/a) is Y^i-definable in T if there 
exists a Si-formula (p{x/a,b) in L such that T h Va; C INa3\b(p{x/a,b) and 
f{x/a) ^ b 4^ V \^ Lp{x/a,b) for any x,a,b. When the function symbol C is in 
L, El-formula may have the symbol C, and f{x/d) = 5 <^ {V;C) |= ip{x/d,b) 
for a fixed choice function C. 

Definition 6.4 PCSFc denotes the class of set-theoretic functions obtained 
from the class PCSF by adding a fixed choice function C{~/b) such that C(— 0) = 
and V6[5 / ^ C{-/b) G b]. The class PCSFc is defined to be closed under 
(Safe Composition) and (Predicative Set Recursion). 

Now our theorem runs as follows. 

Theorem 6.5 1. (Cf. Lemma \ 6.7\ ) f{x/—) is a primitive recursive set 
Junction in the sense of Jensen-Karp ^ iff f(x/~) is Y,i- definable in 
(A^-Coll)-h(X;i-Sm)-h(X;?-Fund). 

Hence (Aj'-Coll)-|-(Ei-Sm)-|-(E^-Fund) 'Si-defines a function not in 
PCSF. 
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2. (Cf. Lemma\KE) f{x/-) E PCSF iff.f{x/-) is T,i- definable in {A'^{PCSF)- 
Coll) + (I]i(PCSF)-Sm) + (A^(PCSF)-Fund) ijf fix/-) is Ei-definable 
in (A^(PCSF)-Coll) + (A^(PCSF)-Fund)+y = V. 

3. (Cf. Lemmas\Mand\EM) f{x/-) e PCSFc iff fix/-) is Y.i- definable 
m (A5'-Coll)+(i;i-SmR)+(i;f-Fund)+(Choice). 

Let KP-{V) = BS{V) + (Ag'-CoUcction). 

It is obvious that ii'P"(I')+Ef -Foundation+(y = V) = /sTP'+Si-Foundation 
where V = V denotes \/a3x[D{x) A a = x]. 

Let E'^ denote the class of formulas obtained from Ap-formulas by means of 
unbounded existential quantifiers 3a, and bounded universal quantifiers Vx G y 
for y & V. Note that the class Yp of formulas is not closed under bounded 
universal quantifications Va G b. 

As in [2] it is plain to see that KP'iT)) proves E-^-Rcflcction, /\{'D{yi)^ 
[if <-> 3a for each ip G S^, where {yi} denotes the list of variables such that 
Vx G yi occurs in ip and in the scope of Vx G yi an unbounded existential quan- 
tifier occurs. Moreover KP'iV) proves S-^'-Collection, — !• A{^(2/i)} ~^ 
Vx G y3aLp{x,a) — > 3cVx G y3a G c(p(x, a) A Va G c3x G y(p{x,a), and A^- 
Separation, /\{'D{yi)} -^Vb e a{(p{b) ^ -^^^{b)) 3c[c = {b e a : (p{b)}], where 
(f and Ip are S^-formulas, and again {y,} denotes the list of variables as in 
E^-Reflection. 

However it is dubious about the provability of E^-Rcplacement, 

^(y) ^ /\{'D{yt)} ^"^x G y3\aip{x,a) ^ 3c G -"Wy G xip{x,c'y) 

where c G '^V <^ (c is a function with dom{c) = x), since the fragment (Ei- 
SmR)-|-(Ef -Fund) does not prove the existence of the Cartesian product y x 
b. Without E-^-Replacement it is unclear how to prove the existence of the 
transitive closure TC(x) of x G 2?. Due to this reason the axiom (transitive 
cover) is included in KP~{'D). 

KP^ {'D)+ (E^-Submodel Rule) proves that the predicate T> contains 
each hereditarily finite set. Moreover each axiom of KP~{V) is provable in 
KP~ {!))+ (Ef-Submodel Rule) if the axiom is restricted to the class V. For 
example, V{c} U dc V3a ^ V[a = {b e c : ip{b,d)]] is provable in KP-{V)+ 
(E|'-Submodel Rule) for Ao-formulas (p. 

6.1 Si-definability in fragments 

First let us verify the easy half in Theorem 16.5131 

Lemma 6.6 Each f{x/a) G PCSFc is Y.i-definable in T^c :=(A§'-Coll) + (Ei- 
SmR) + (Ef-Fund) + (Choice), where by a Yii-formula we mean a Yii-formula 
in which the function constant C may occurs. 

Proof. By induction on the construction of /. 
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For the fixed choice function C, C{— /a) is defined by the Ao-formula C(— /a) = 
6 in (T/;C). 

For a PCSF^- function /, show that in Tac, / is Ao-definable together with 
its simplicity, cf. Proposition [3TT] 

Let f{x/d) — h{r{x/—)/t{x,a)) be defined by (Safe Composition) from 
h, f and and tph, and ipp be Si-formulas for /i, r and t, resp. Let 

ffix, a, h) 3r3t[iy9f (x, r) A iy3f(x, d,i^ A iph{r, t, b)] 

where (pf{x,f) f\i'Pri{x/-)ix,ri) for r{x/-) = {ri{x/-))i and r = (ri)^. 
By IH Tsc proves Vx C I'3!f (x, r), Vr C 'D'it^\hiph{'r,t,b) and similarly for 
t{x/a). Then by the inference rule (Si-Submodel Rule) we have in T^c, 
Vaf C X'3r C V ipp{x,r), and Va? C PVr [(/5,-?(a;, r) — >■ r C 2?]. Hence Vx C 
I?Va3!&(p/(x, a, b). 

Let f{x,y/a) — h{x,y/a,{f{z,y/a) : z G x}) be defined by (Predicative 
Set Recursion) from /i, and Lph be a Si-formula for /i. 
Let for arbitrarily fixed y 'ZT) and a, 

ip{x,u,y,d,b) :<t4> [(x U {x} C it) A tran(it) A 3c0o(a;, it, &, c)] 
V[^{(x U {x} C u) A tran('u)} A 6 = 0] 

where for c"x — {d z : z G x} 
Oq(x, u, b, c) 

(c is a function on a transitive set dom(c)) A x U {x} C dom(c) (4) 
AVz G dom(c) n u{iph{z, y, a, c"z, c'z)) A (c'x = 6) 

We show \/y C TNaix^u G T>3\b (p{x,u,y, d,b). By the axiom (transitive 
cover) we have Vx G 2?3u[(x U {x} C u) A tran{u)], and by (Ei-Submodel 
Rule) such a u exists in V. Since /(x, y/a) =6 iff 3u[(xU {x} C u) Atran{u) A 
(f{x,u,y,d,b)] iffVit[(xU{x} C u) Atran{u) — > ip{x,u,y, d,b)], f is Si-definable 
in T2, too. 

There is nothing to prove for the uniqueness. Let ^(x, u, c) :<^=> ^0(2;, u, c'x, c). 
Suppose xo G 2?, and let m G 2? be a transitive set with xq U {xq} C u. We show 
3c9{xo,u,c). We have u C P by (transitivity). 

Suppose Vz G X n u3c6{z^ u, c). We show Bc0(x, u, c) assuming x G u. Then 
by (Ef'-Foundation) we have Vx G 2? n m3c6'(x, u, c). Hence 3c9{xo,u,c). 

First by (A^-Collection), c"z and c \u exist as a set for any c and any 
z,u G T>. Again by (A§'-Collection) pick a. d ~ {d^, di} so that Vz G xnu3c G 
(io[6'(z, u, c) A (c f u) G di]. Let e = {& G di : 3c G do^z G x[0{z, u, c) Ab = c \u]}, 
and Co ~ Ue. Then cq is seen to be a function on a transitive set dom(co) 
such that X C dom(co), as follows. Since u is transitive and x G u, we have 
X C u, and hence x C dom(co). For ci |" m, C2 I" w G e and z G di H 1^2 with 
di = dom(ci) n u (i = 1,2), if c'/z = C2'z, then iph{z,y,d,c'lz,c[z) for i = 1,2, 
and c'^z = C2Z. (Sf -Foundation) with di U d2 C it C P yields ci f (di n d2) = 
C2 |"(di n d2). Hence cq is a function. 
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Let b be such that (ph{x,y,a,CQX,b), and let Cx = cq U {(.t,6)} by IH 
Va; £ TNy C T>\f(Nc3bl iphix, y, a, c, b). Then u, Cx) as deshed. □ 

Remark. 

1. Let Tg be obtained from T^c by dropping the axioms (transitive cover) 
and (Choice) and by extending axiom schemata (A^-Collection), (Si- 
Submodel Rule) and (Sf -Foundation) to the cases when the predicate 
V occurs only positively in the bounded formulas f. Let us call such a 
formula Ao(2?~'')-formula. Then we see that each PCSF-function f{x/a) is 
Si(D+)-definable in T^. 

The 'only-if part is seen by deleting the parameter u, and replacing x U 
{x} C dom(c) by a; U {a;} C dom(c) C P in ([4]) of the proof of Lemma 

Observe that 3a{a ^ 2?) ^ 3a G V{a ^ V) yields V = V. 

2. Consider f{x/d,c) ~ {b E c : h{x/d,b) ^ 0} for Si-definable function 
/i, then (Ei(I?)-SmR)+(Si(I?)-Fund) proves the existence of f{x/a,c) 
from A(I')-Separation. However {b G c : h{x/a,b) 7^ 0} = d <^ V6 S 
d[b € cA h{x/d, 6) 7^ 0] A V6 e c[h{x/d, b) ^ ^ b G d] seems not to be a 
Si-relation due to the bounded universal quantifiers Vb £ d,'^b G c whose 
scope contains an unbounded existential quantifier. 

Next we prove Thcorcm l6.5lll Lemma 16.71 shows that any primitive recursive 
function is Si-definable in (I]i-Sm) + (I]f -Fund). For example, the set "x of 
all functions from any natural number n to sets x G V is seen to exists provably 
in (Si-Sm) + (S]^-Fund). By Theorem 15. 21 the primitive recursive set function 
{n,x) i-T- "x is not in PCSF. 

Lemma 6.7 A set function f{x) is 'Si-definable in Ti :=(Aj'-Coll)+(Si- 
Sm) + (E^-Fund) iff f is primitive recursive. 

Proof, let KP- = BS + (Ao-CoUcction). By the result of Rathjen [3] a set 
function f{x) is Ei -definable in KP~ + Ei -Foundation iff / is primitive recur- 
sive. Hence it suffices to show the equivalence of Ei -definabilities in KP^ + 
El-Foundation and one in Ti. 

First suppose that f{x) is Ei-definable in Ti, and let ipf he & Ei-formula 
such that Ti h Va; C 'D3\aipf{x,a) and ipf{x,a) defines the graph of /. Then 
Ti + {V = V) ^ KP- + El-Foundation Ei-defines the function /. 

Conversely suppose KP~ + Ei-Foundation Ei-dcfines the function /. Let 
iff be a El-formula such that KP'^ + Ei-Foundation h Vx3!a</7/(a;, a). Now 
observe that the class I? is a model of KP^ + Ei-Foundation provably in Ti in 
the sense tat Ti proves ip^ for each axiom ip in KP~ + Ei-Foundation using 
the axiom (Ei-Submodel), where denotes the sentence obtained from the 
sentence ip by restricting any quantifiers to V. Hence Ti h Vaf C T)3\a(pf{x, a), 
and this shows that /(a?) is Ei-definable in Ti. □ 
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6.2 Si-definable functions under Ao-Foundation 

In this subsection we prove Theorem 16.5121 

Let us formulate T2:=(A§'(PCSF)-Coll) + (A^(PCSF)-Pund)+F = 23 in a 

one-sided sequent calculus. Assume that the language of T2 does not contain 
the predicate V. 

Terms are generated from variables by applying the function symbols for 
PCSF- functions. Terms are denoted t, s, . . .. Literals arc t £ s, t ^ s, t ~ s, t ^ 
s, 'D{t) and -'T>{t). Formulas arc built from literals by propositional connectives 
V, A, hounded quantifiers H 3a G 6, Va G b, 3x G y,\/x G y and unbounded 
quantifiers 3a, Va, 3x, Vx. Thus each formula is in negation normal form, and 
the negation -itp is defined recursively by dc Morgan's law and elimination of 
double negations. 

Sequents are finite sets of formulas, and denoted by F, A, . . .. F, A denotes 
the union F U A, and F, A the union F U {A}. -.F := {^A : AeT}. A finite set 
F of formulas is intended to denote the disjunction V ^ := V{^ ■ ^ ^ T}. 

Axioms or initial sequents of T2 are logical ones F, -iL, L for literals L. 

Inference rules of T2 are divided to logical ones and non-logical ones. Logical 
ones are (V), (A), (63), (&V) for introducing bounded quantifiers, (3) , (V) for 
introducing unbounded quantifiers and (cut). 

T An Ai T An r Ai r,tes T,A(t) , , V,b4s,A(b) , , 



F,AoVAi ' ^ r,AoAyli ' ^ F,3&GsA(&) ' ',F,V&esA(&) 

T,A{t) r,A(&) F,^C C,A 
(3) M^.^ (^) T^^ 



F,36A(fe) ' r,V6A(6) ' F,A 
In (6V) and (V), 6 is the eigenvariable and docs not occur freely in F U {V6 G 
sAib)}- 

Non-logical ones are as follows: 
1. 

(PCSF) 



F 

where Va9f{a) = AXf for the defining axiom of the function / G PCSF, 
and Of is a Ao-formula. 

The axioms of extensionality, null set, pair, union, Ag-Separation scheme 
in BS arc provable from the inference rules. 

2. 

A,\/x € t3aw(x,a) 3x G tya G c^ip(x,a),T , 

\j. (Ao(PCSF)-CoU) 

where c is the eigenvariable and does not occur freely in F U {Vx G 
t3aip{x,a)}, and 1^9 is a Ao-formula. 



3ElaG0¥':<i=>0e0 and Va e ^ 0. The abbreviations are applied for U0 := and 

{b 6 : 'p{d,b)} := 0. 
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3. 

y}_2L_ (Ao(PCSF)-Fund) 

where y is the eigenvariable and does not occur freely in F U {ip{t)}, and 
is a Ao-formula. 

Suppose that a set-theoretic function /(£"/—) is Si-definable in T2, and let 
(Pfix/b) be a Ei (PCSF)-formula such that T2 h Vx C V3\hipf{x/b) with V = 
{x : X = a;}, and /(a?/—) = b <=> V \= ipf{x/b) for any x,b. 

Given a derivation of\/x3bipf{x/b) in the sequent calculus for T2, first elim- 
inate (cMt)'s to get a cut-free derivation of the sequent 3bipf{x/b) such that any 
formula occurring in it is a S-formula where a formula is said to S if the formula 
is either a Si-formula (including a Ap-formula), or a formula Va; € t3atp for a 
Ag-formula 1^9. Observe that the minor formula Vx G t3a (/'(x, a) of the inference 
rule (Aq-CoII) is a S-formula. 

The non-trivial half of Theorem 16.5121 is proved by a witnessing argument 
due to Buss [5]. 

The idea is that given implication 3aip{x,a) — 3bijj{x,b) of Ei-formulas, 
find a function / such that for any x, a, tp{x, a) — ^ "ipi^, f{x, a/—)). However as 
pointed out by Arnold Bcckmann this does not work unless we have a choice 
function c, cf. Remark after Corollary 15.161 since we can prove even logically 
3x[y ^ — ^ a: £ y], and its witnessing function would be y 7^ c{y) G y. 

Let us try alternatively to find an / such that for any x, a, f{x, a) — > 35 G 
f{x,a/—)^{x,b). Under the uniqueness 3\b Lp f{x /b) of the witness for the end- 
formula, we can single out the uniquely existing set. 

We show the following lemma, which yields the non-trivial half of Theorem 

A Ap-formula ti;^(a;) is obtained from a E-formula f{x) by restricting each 
unbounded existential quantifier 3c to 3c G b. Observe that w^(a;) A b C d ^ 
w^{x). 

Let F = {ifi : i < 71} be a set of S-formulas, and b = {bi : i < n} be fresh 
variables. Then F'' := : i < n}. 

Lemma 6.8 Let A{x) be finite sets of T,{PCSf)-formulas, and x be the list of 
free variables occurring in A. Assume that A.{x) is derivable in T2. 

Then there exists a list of functions f{x/—) C PCSF such that for any x, 

y Af'-^/-\x/^) 

holds (in V). 

Proof. Given a derivation of A (a?) in the sequent calculus for T2, first eliminate 
(cut)'s to get a cut-free derivation of the same sequent such that any formula 
occurring in it is a E(PCSF)-formula. Moreover we can assume that any free 
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variable occurring in the derivation is either a variable in x in the end sequent 
A{x) or an eigenvariable. Otherwise substitute for redundant free variables. 
We show the lemma by induction on the length of the derivation. 

Consider the case when the last rule is a (6V) introducing a S-formula G 
t 3a (p{x, X, a). 

r, -'X'(x), X ^t,3a Lp{x, X, a) ^^^^ 
r, Vx G 1 3a ip{x, X, a) 

For simplicity assume F = {3c9{x, c)} for a Ao-formula 6. t = t{x) is a term 
whose free variables are among x. By IH there arc g, h G PCSF that x TV3a G 
g{x, x/ --)ip{x, X, a) V 3c G h{x,x/ — ) 0{x^ c), where T = t{x) — t{x/~) for a 
PCSF-function t by Proposition Then for G{x/-) = [j{gix,x/~) : x G 
T} andif(:E/-) = U{ft.(f,a;/-) : x G T} wehavcVx G T3a G G(x, /-)<p(f , x, a)V 
3c G H{x/-)e{x,c). G{x/-),H{x/-) G PCSF is seen from Proposition [3215] 
and (Safe Composition). 

Consider the case when the last rule is a (6V) introducing a Ag-formula 
\fb £tip{x, b). 

b^t,ipix,b),Tix) 
\/b€tip{x,b),T{x) ^ ' 

By IH there are / such that for any x and any b, b ^TV (p{x, &) V V F-''^^^^/") (x) 
where T = t{x). Let F{x/-) = [j{.f{x, b/-) : b e T} for each / G / . We obtain 

Consider the case when the last rule is a (Ao(PCSF)-Fund). 

By IH there are / such that for any x and y, \/ F-''^^'^/"' (x)V-iVx G y (p{x)\' (p{y) . 
Let for each / G /, F{x/-) = \J{.fix;,y/-) : y G TC(T U {T}/-)} with 
T = t{x). Then for any y G TC(ru{r}/-), V F^(^/-)(x)V-Vx G y (p{x)y (p{y) , 

and hence VT^^^/^H-^) V fiT) by induction. 

Finally consider the case when the last rule is a Ao(PCSF)-Collection. 

A(x), Vx G t3a (p{x, a) 3x G tVa G c -^^{x, a), F(x) 
A(f),F(x) 

i = t{x) is a term whose free variables are x. By IH there are / and g such 
that for any x, V A-''(^/-)(x) VVx G T3a G ff(x/-) ip{x, a), where T = t{x), and 
ip{x^a) may have parameters, (/5(x, a) = (p(x, x, a). Also there arc /i such that 
for any x and any c, 3x G TVa G c-i(^(x,a) V Y F'''^^''^/^^(.x). 

Letting c = .g(x/-) and H{x/-) = h{x, g{x /-)/-) for each heh,\/ A^"'^^ / -\x)V 
Yr^(^/-)(f) follows. 
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This completes a proof of Lemma 16.81 □ 

Suppose that a set-theoretic fmrction f(x/a) is Si-definablc in and let 
ipf{x/a,b) be a Ei(PCSF)-formula such that T2 \- Vx C 'D\/a3\bipf{x/a,b) and 
f{x/a) = & y ^ (pf{x/a, b) for any x, b. By Lemma 15^ pick a PCSF-function 
g such that 36 e g{x,d/—)w^^^'°'^~\x,a,b) holds for any x and any a. Then 
3!6 G g{x,d/ '~)w^^'°'^ \x,a,b), and hence for G{x,a/—) = G g{x,a/—) : 



w: 



90i:,a/ .^^g have w^^^'°'^ ' (x,a,G(x,al —)), and (pf{x/a,G{x,d/—)). 

This means that G(x,d/ —)) = f{x/d). In particular when a is the empty list, 
fix/-) e PCSF, and this shows TheoremEU 

6.3 Si-definable functions in (A^-Coll)+ (Si-SmR) + (Sf- 
Fund) + (Choice) 

Let us formulate r3c:=(Aj'-Coll)+(i;i-SmR)+(i;?-Fund)+(Choice) in a 
one-sided sequent calculus. The language here is {e, P, C, 0} with an individual 
constant for the empty set. Terms are generated from variables and by the 
function symbol C. Terms are denoted t, s, . . .. Literals are t Cz s, t ^ s, 'Dlt) 
and -^V{t). 

Axioms or initial sequents of T^c are logical ones F, -iL, L for literals L. 

Inference rules of T^c are again divided to logical ones and non-logical ones. 
Logical ones are (V), (A), (63), (6V) for introducing bounded quantifiers, (3) , (V) 
for introducing unbounded quantifiers and (cut) as for T2. Moreover inference 
rules (63-'') and (6V''') for introducing bounded quantifiers on V are added for 
conveniences. 

T,^V{s),V{t) T,^Vis),tes T,^Vis),Ait) ^ 



T,^V{s),3x e sA{x) 

'x) ^ 
(6V^) 



(63^) 



r,^V{s),^Vix),x^s,A{x) 



r,^2?(s),Vx e sA{x) 

In (6V^), X is the eigenvariable and does not occur freely in F U {Va; G s A{x)}. 
Non-logical ones arc as follows: 

1. 

where 6 denotes a Ao-formula for axioms of extensionality Va, 6, c[a = 
6^6£c— >-a£c], null set, pair, union, Ao(I?)-Separation scheme. For 
example 6 may be -i(Vc G b3d G t{c G d) A Vd G t\/c G ii(c G 6)]) for the 
existence of Ut, where 6 is the eigenvariable not occurring in F U {t}. Or 
6 may be -i[V6 G t{ip{s, b) ^ b £ d) A\/b G d{b € t A (p{s, 6)] for an instance 
of the Ao-Separation 3d[d = {6 G < : ip{s, 6)}], where d is the eigenvariable 
not occurring in F U {t}. 
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(C(-/0) ^ 0) V (i ^ A C(-A)^t),r . 

(Choice) 



r 

2. 

^[t C y A tran{y)],T 



(transitive cover) 



where y is the eigenvariable and does not occur freely in F U {t}. 



3. 

sGt,T -.2?(s),A 



(transitivity) 



-p(0,r,A 

This says the (transitivity) yx,y{'D{x) — > y 6 x — > T>{y)). 
s = t,r -2?(s),A 



-p(t),r,A 



(extensionahty) 



This says the extensionahty for the predicate T) yx,y(T>(x) y ~ x 
V{y)). 



4. 

-i'D{x), 3a (p{x, a) 



(Si-SmR) 



^D(f), 3y e Vip{x,y) 
where ip{x, a) is a Ao-formula whose free variables are among the list x, a. 



5. 

T,^V{t),\/x et3a(p(x,a) -^V(t),3x e t\/a e c^u>(x,a), A 

\ h : ) \ h , J, (Aj'-CoU) 



-i?(0,r,A 

where c is the eigenvariables and does not occur freely in ruAU{-i'D(i), 3a ip{x, a)}, 
and if is a, Ao-formula. 



6. 

^,^'D{y),^yx ey3aip{x,a),3a(p{y,a) -^V{t),^(p{t,a),A 



-i?(t),r,A 

where y and a are the eigenvariables and docs not occur freely in F U A U 
{^I){t),3a(p(t,a)}, and tp is a Ao-formula. 

Let T^cn denote a subsystem of T^c such that T^c;n 1^ iff there exists a 
Tsc-proof of 9 in which the number of nesting of the inference rules (Si-SmR) 
are at most 7i-times. 
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Suppose that a set-theoretic function f{x/—) is Ei-definable in T^c, and let 
(pf{x/b) = 3cipf(x/b,c) be a Ei-formula, and n a natural number such that 
T3c,n h Vf C V3\hipf{x/b) and f{x/-) = & ^ (F; C) h <^/(^/&) for any x,h. 
This means that there is a derivation of Vi; C V3lb(pf{x/b) in T^co with some 
extra axioms Vaf^ C 2?3y € T) ipi{xi,y) of Ag-formulas (/J;. 

Given a derivation of yx3bipf{x/b) in the sequent calculus for T^c.o with 
some extra inference rules, first eliminate (cMt)'s to get a cut-free derivation of 
the sequent -i'D{x),3b(pf{x/b) such that any formula occurring in it is either a 
E-^'-formula, or a Il^-formula, or a negative literal -^T>{t), where an occurrence 
of a formula in a sequent is said to if the formula is either a Ei-formula 
(including a Ag-formula), or a formula Vx S y3a ip for a Ag-formula ip and with 
a negative literal -^Vixf) in the sequent. 11^ is defined dually. Observe that the 
minor formula \/x G y3a <f{x, a) of the inference rule ( A^-CoU) is a S^-formula, 
and the minor formula -^yx £ y3a (p{x, a) of the inference rule (E^-Fund) is a 
n^-formula. 

Moreover we can assume that any free variable occurring in the derivation is 
either a variable Xi € x in the end formula -i2?(a;), 3bipf{x/b) or an eigenvariable. 
Otherwise substitute for redundant free variables. 

The converse of Theorem 16.5131 is proved again by a witnessing argument . 

The idea is that given implication 3aip{x,a) — > 3bip{x,b) of Si- 

formulas, find a function / such that for any x, a, ip{x, a) ip{x, f{x/a)), where 
/ is defined from a choice function C{—/b) such that 6 7^ C{—/b) G b. 

A Ao-formula Wip{x/a;b) for S-^'-formulas (p{x/d) is defined as follows. Let 
6 be a variable not occurring in ip[x/a). 

1. Wip{x/a]b) (p(x/d) if is a Ao-formula. 

2. liip{x/a) is a Si-formula 3cip{x/d, c) for a Ao-formula tjj, then w^{x/d; b) :<?^ 
Tp{x/d,b). 

3. If tf{x/d) is a E'^'-formula G y3c^{x/d, c) for a Ao-formula tp, then 

w^p{x/d; b) (6 is a fimction on y) A Va; G yip{x/d, b'x). 

Let F = {(y9i : i < n} be a set of E^-formulas, and b = {bi : i < n] he fresh 
variables. Then F(; b) :~ {wipii', bi) : i < n}, and -iF := {^fi : i < n}. 

Let $ = {ipi{xi, a) : z = 1, . . . , n} (n > 0) be a list of Ao-formulas such that 
free variables occurring in (pi{xi, a) are among the list Xi U {a}. 
Consider the following inference rule for each tp^ G $. 

-^V{y),^ip,{ti,y),r 

-^ViUlT ^^^^ 

where y is the eigenvariable and docs not occur freely in FU{-iP(ti), 3y ipi{ti, y)}. 
This inference rule says that Vxi C I^By ^Vipi {xi , y) . 
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Then T3c,o + ^ is obtained from T3 by dropping the inference rule (Si-SmR) 
and adding the rule (ipi) for each tpi £ ^. It is easy to see that we can eliminate 
(cut) inferences from derivations in Tsc.o + and any formula occurring in a 
cut-free derivation of the sequent -^V{x), 3bLpf{x/b), is cither a negative literals 
~^T>{t) or a S'^-formula, or a H^-formula. 

The following Lemma 16.91 yields the converse of Theorem 16.5131 

Lemma 6.9 Let T{x/a) and A(af/a) be finite sets of TP -formulas, and x,a be 
a list of free variables occurring m FU A. Let b and c be fresh variables. Assume 
that -^'D{x),^T{x/d),A{x/d) is derivable in T^c.o + ^- Moreover assume that 
for each i there exists a function fi{xi/ ~) G PCSFc such that 

\fxiipi{xi, fi{xi/~)) (5) 

Then there exists a list of functions f{x/d,b) C PCSFc such that for any b, 
a and x, 

f\ r(f/a; 5) ^ V Aix/a; f (f /a, b)) 

holds in {V;C), where A{x/d;f{x/d,b)) is obtained from A{x/d\c) by replacing 
c by f (x/a, 6). 

Proof. Given a cut-free derivation of the -<D{x), -iF, A, we show the lemma by 
induction on the length of the derivation. 

Consider the case when two occurrences of a formula is contracted. When the 
formula is in -iF, use a projection to get f{x/d, b, c, c) for and w^. Otherwise 
use a definition by cases. 

Consider the case when the last rule is an (3). 

r,A,^(t) 

F, A, 3a ip{a) 

f{x/d, b) — t is a witness for ip. 

Consider the case when the last rule is either a (tpi) or (transitive cover). 

^vit'ir 

For simplicity let us assume that is a list of variables C x,T = {^a{x,d),3c9{x,d,c)} 
for a S-^-formula a and a quantifier-free formula 9. By IH we have anh G PCSFc 
such that ipi{xi,y) A Wa{x, a; b) — >■ 9(x, h{x, y/a, b)). On the other hand we have 
fii^i, fi{xi/ —)) by the assumption ([5]) or by f{x/—) = TC(x/— ) is a witness 
for the 2/ in a; C y A tran{y) of (transitive cover). 

Hence for f{x/d, b) = h{x, , fi{xi/'-)/d, b) by (Safe Composition), we have 
Wa{x,d;b) 9{x, f{x,y/d,b)). 

Next consider the case when the last rule is a {b3^). 

-^V{y),V{t),T ^V{y),tGy,r -2?(y), -3a (^(t, a), F 



-^T>{y) , -i\fx £ y3a (p{x,a),T 



(63^) 
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Assume that t is a variable occurring in {-i2?(t/), -iVa; G y3a(f{x,a)} U T. Let 
us assume that F = {3cd{x,y,a,c)} for a Ao-formula 6. By IH we have for 
an /i G PCSFc such that t G y A ip{x, a, a) — > 0(5;, y, a, h{x, y/a, a)). We have 
Vx S 2/ v(^) Q-: 2;, 6'a;) 9{x, y, a, H{x, y/d,b)) for H(x, y/a,b) = h{x, y/a, b't). 
Consider the case when the last rule is a {bM'^). 

r,-'P(y),-'P(a;),a: (^y,3aip{x,a) 
r,^'D{y),Vx G y3a(p{x,a) 

For simplicity let F = {^3b 9{x, a, b)}. By IH we have an h{x, x, y/a, b) G PCSFc 
such that 6{x, a, b) x £ y vi^-i '^i h{x, x, y/a, b)). Then for f{x, y/a, b) = 
{{x, h{x, X, y/a, b)) : x £ y}, we obtain 6{x, a,b) ^ yx G y (p{x, a, x, f{x, y/a, 

If the last rule is either a (Aj'-Coll) or a (BS), then IH with (Safe Com- 
position) yields the lemma. For (A^-CoU), let b = g{x/a,b) be a witness of 
the left upper sequent such that Vx G y ip{x,b'x). Substitute G{x,y /a,b) = 
b"y = {g{x/a,b)'x : x G y} for the argument (eigenvariable) c in the wit- 
ness h{x/a,c,b) of 3x G yWa G c-'ip{x,a) in the right upper sequent. Then 
f(x/a, b) = h(x/a, G{x/a, b), b) is a witness. 

For a {BS) with an eigenvariable d, pick a PCSF^-function f{—/a) such that 
-i6'(/(— /a)) and substitute f{—/a) for d. 



If the last rule is a (Choice), there is nothing to prove. 
Consider the case when the last rule is a (V). 



Va -i(/3(a), F 



For simplicity let F = {3c9[x, a, c)}. By IH we have an h{x/d, a) G PCSFc such 
that <y9(a) 6{x,d,h{x/d,a)). 

Consider the case when the last rule is a (6V). 

g ^ 6, ^ip{a),T 

Va G 6 -(/?(«), F ^ ' 

where is a Ap-formula. 

For simplicity let F = {3c9{x,d,c)} . By IH we have an h{x/d,b,a) G 
PCSFc such that a G b A ip{a) — >■ 6{x,d,h[x/d,b,a)). Then for f{x/d,b) = 
h{x/d, b, C(— /{a G 6 : (p{a)})) G PCSFc we obtain 3a G b(p{a) —5- 0(x, a, f{x/d, b)). 

Finally consider the case when the last rule is a Sf-Foundation. For an 
eigenvariable y 

^,^T^{y),-'yx ey3a(p{x,a),3a(p{y,a) -^V{z),^ip{z,a),A 

-^v{z),r,A -^""^^ 
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For simplicity let us forget the side formulas F and let A = {3c9{x,a,c)}. By 
IH we have an h € PCSFc such that Va; £ yip{x,b'x) — >■ ip{y,h{x,y/d,b)). 
Let f{x,y/d) = h(x,y/a,{{x,f{x,x/a)) : x G y}). It is easy to see from 
(Ao(PCSFc)-Fund), i.e., by induction on y that (f{y, f{x,y/a)). On the other 
hand we have an 5 £ PCSFc such that (p{z,a) — >■ 9{x,a,g{x, z/d,a)). We can 
assume that i is a variable in x. Then for G{x,z/a) = g{x, z/a, f{x, z/a)) we 
obtain 9{x, a, G{x, z/a)). 

This completes a proof of Lemma 16.91 □ 

Finally let us spend a word on a conjecture. 

Let = (Ao(PCSFc)-Foundation) denote a theory defined as follows. Its 
language is {e} U {f : / G PCSFp} where f denotes a function symbol for a func- 
tion / G PCSFc". Its axioms are those of ^^(PCSFc) in this expanded language, 
(Ao(PCSFc)-Foundation) and (Choice). ^ (Ao(PCSF)-Foundation) 

denotes the theory obtained from T2 in subsection 16.21 bv dropping the axiom 
schema (Ao-Collection). Also let T3 denote T^c without the choice function 
symbol C (and the axiom (Choice)). 

An inspection of the proof of Lemma l6. 91 shows that if a Si-formula is deriv- 
able in T3, then it is derivable in T^^. 

Conjecture. T^q is a conservative extension of T2 . 

If the conjecture is true, then from Theorem 16.5121 we see that any Si- 
definable function in T3 is in PCSF, and vice versa. 
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